What Happens When I Agree to Share Reported Phishing Emails with KnowBe4?
When using the Phish Alert Button (PAB) in your organization, you have the option to send copies of the phishing emails your users report to KnowBe4. This Send us a copy setting is located in your Phish Alert Account Settings and is disabled by default.
We strongly recommend enabling this setting. By sharing reported phishing emails with KnowBe4, you are helping educate users about the various techniques and scams hackers use to try to trick people.
What Happens After I Enable This Setting?
If enabled, KnowBe4 will receive a copy of each email your users report as a potential phishing email. The email will be stored in an encrypted container.
Once the email is received by our Security Research team, it will be reviewed to determine if it is, in fact, a phishing email. If it is a phishing email, the email will then be analyzed within a sandbox environment to determine the type of attack or method being used and the overall goal of the phishing email. We determine if the email uses credentials phishing, malicious attachments, ransomware, business email compromise, or other forms of phishing and social engineering.
As part of this process, KnowBe4 also helps the cause of security awareness by sharing reported phishing email data with security research partners.
At times, certain reported emails may turn out to not be phishing emails. In cases where an email is determined to be non-phishing and non-social engineering, they will not be analyzed or shared with security research partners.
Why Should I Enable This Setting?
Although this setting is disabled by default, we recommend that you enable it if appropriate for your organization. By sharing reported phishing emails with KnowBe4, you are helping our mission and allowing us to educate millions of users about the real-life phishing attacks that are out in the wild.
Here are a few examples of how we use this data.:
- Our Reported Phishes of the Week category uses ten real-life phishing attacks from the previous week's PAB submissions and lets you test your users on recent in-the-wild attacks.
- The Scam of the Week, located in our blog and in our Scam of the Week phishing template categories, is often developed based on the research our team has done on PAB-reported phishing emails.
- Our blog Cyberheist News covers recent scams (and new, malicious techniques that are being used) to help educate and strengthen security teams around the world.
If your reported phishing email is used for any of the above points, personally-identifiable or company-specific information will be erased from the email.
Thank you for your help in enabling employees to make smarter security decisions, every day.